-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] wrote: > > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of >> Clark Williams >> Sent: Monday, June 26, 2006 3:07 PM >> To: Discussion of Fedora build system >> Subject: Re: New version of mock working (I think) >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> [EMAIL PROTECTED] wrote: >>> Yes, feedback from Dan would be good. My initial thoughts >> are that a >>> client implementation would be best at this point, due to >> the security >>> implications of a server. Something where we call a server API >>> provided by plague like: >>> server.begin_mock_status( "my.src.rpm", MY_PID) >>> server.set_mock_status( "my.src.rpm", "status_string", MY_PID) >>> ... >>> server.end_mock_status( "my.src.rpm", return_code, MY_PID) >>> >> Ah, and you thought I really *meant* it when I said I'd shut up. Ha! >> >> Don't you think that a simple server where we just have a >> listen socket and respond to "what's your status?" would be >> more straight forward? > > I would like to foster discussion. It would be bad if one of the > co-maintainers failed to voice their concerns over project direction, so > no, I would hope that you never shut up. <aside>
/me hopes everyone takes note of the above. Please don't construe my opposition to a proposal on the list as anything personal. It's just my opinions based on a couple of decades of programming experience. My programming philosophy will pretty much always boil down to: simpler is better. I can be talked around to solution that I initially oppose. I just need some encouragement :) </aside> > > My initial thoughts around this is that having an xmlrpc server exposes > too much of our (running with elevated privs) internals to random, > untrusted strangers. There has already been one reported vulnerability > in the python xmlrpc code. > > Both code-wise (7-10 lines for client, vs at least 20 for server), and > security-wise, I think a client would be 'simpler'. > > Also, adding a server entices future additions along the lines you > already said we don't want to go, and starts to supplant plague/brews > role. Ok, I can go with that. Probably the most convincing portion of the above argument is the idea of implementing a root-privilege server as opposed to pushing that back to the build system maintainers. So I suppose it means that we should publish a call-out specification that says: if you invoke mock with the --server-mumble=X on the command line, mock will use X as a URL to make an XML-RPC call with the state as an argument in <as yet to be determined> form. We will then have to wrap that in a try/except and possibly some timeout logic to make sure that if the other end isn't speaking our language, we continue or fail in a controlled fashion. Clark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEoEyNHyuj/+TTEp0RAoToAJ9jNUmUqLkyxsAh0HoUNEu94lEq8wCffdIh YTkO7OshBbqn1eymgtrMP3c= =pl/z -----END PGP SIGNATURE----- -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
